Encrypted communication definitions

RSE API supports HTTPS encrypted communication with web clients. The default is self-managed encryption, with the server certificate stored in a key ring. The other supported options are encryption managed by Application Transparent Transport Layer Security (AT-TLS) and self-managed encryption using a key store file (deprecated).

In a nutshell, the following tasks must be completed to enable encrypted communication:

  • Self-managed with key ring
    1. Create a server certificate and key ring owned by the RSE API server user ID and attach the server certificate to the server key ring. If the server certificate is signed by a Certificate Authority (CA), also add the related CA certificate to the key ring.
    2. Define the key ring name in rseapi.env.
    3. Customize and restart the RSEAPI started task.
  • AT-TLS managed
    1. Create a server certificate and key ring owned by the RSE API server user ID and attach the server certificate to the server key ring. If the server certificate is signed by a Certificate Authority (CA), also add the related CA certificate to the key ring.
    2. Create a TTLS policy rule that encrypts traffic for the server port, using the certificate assigned to the RSE API server.
    3. Activate the updated AT-TLS policy.
    4. Enable AT-TLS usage in rseapi.env.
    5. Customize and restart the RSEAPI started task.
  • Self-managed with key store (deprecated)
    1. Select the Certificate Authority (CA) used for signing.
    2. Customize the key store creation variables and invoke the key store creation script.
    3. Customize rseapi.env.
    4. Customize and restart the RSEAPI started task.
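
Step 1 of the key ring and AT-TLS options (certificate, key ring, and CA certificate all in place) can look like the following batch TSO job. This is an added example, not taken from the product documentation: it assumes RACF is the security product, and the job card, the user ID STCRSEA, the host name, the certificate labels, the ring name and the expiry dates are constructed placeholders.

```jcl
//RSEKEYR  JOB (ACCT),'RSE API KEYRING',CLASS=A,MSGCLASS=X
//* Added example. Assumes RACF. All names below are placeholders:
//*   STCRSEA             = RSE API server user ID
//*   rseapi.example.com  = host name that web clients connect to
//*   keyring.rseapi      = key ring name to reference in rseapi.env
//RACF     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  /* CA certificate used to sign the server certificate        */
  RACDCERT CERTAUTH GENCERT +
    SUBJECTSDN(CN('Example RSE API CA') O('Example') C('US')) +
    WITHLABEL('ExampleRseapiCA') +
    SIZE(2048) NOTAFTER(DATE(2030-12-31)) +
    KEYUSAGE(CERTSIGN)

  /* Server certificate owned by the server user ID, CA-signed */
  RACDCERT ID(STCRSEA) GENCERT +
    SUBJECTSDN(CN('rseapi.example.com') O('Example') C('US')) +
    ALTNAME(DOMAIN('rseapi.example.com')) +
    WITHLABEL('ExampleRseapiServer') +
    SIZE(2048) NOTAFTER(DATE(2027-12-31)) +
    KEYUSAGE(HANDSHAKE) +
    SIGNWITH(CERTAUTH LABEL('ExampleRseapiCA'))

  /* Key ring owned by the same user ID                        */
  RACDCERT ID(STCRSEA) ADDRING(keyring.rseapi)

  /* Attach the server certificate as the ring's default       */
  RACDCERT ID(STCRSEA) CONNECT(ID(STCRSEA) +
    LABEL('ExampleRseapiServer') +
    RING(keyring.rseapi) DEFAULT USAGE(PERSONAL))

  /* Attach the signing CA certificate to the same ring        */
  RACDCERT ID(STCRSEA) CONNECT(CERTAUTH +
    LABEL('ExampleRseapiCA') +
    RING(keyring.rseapi) USAGE(CERTAUTH))

  /* Refresh in-storage profiles if these classes are RACLISTed */
  SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH

  /* Check: ring should list both certificates with owners     */
  RACDCERT ID(STCRSEA) LISTRING(keyring.rseapi)
  RACDCERT ID(STCRSEA) LIST(LABEL('ExampleRseapiServer'))
/*
```

In the LISTRING output, confirm that the server certificate shows USAGE PERSONAL with DEFAULT YES and that the CA certificate is owned by CERTAUTH before moving on to the rseapi.env step.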

For more information on how to use a key ring, see Encrypted communication customization.

For more information on how to use AT-TLS, see (Optional) Setting up AT-TLS.

For more information on how to use a key store, see (Optional) Setting up a key store (deprecated).